Restore Counselling, Training and Relates Services Privacy Policy (2018)

This is the privacy policy for Restore, which explains how information is collected about you through the use of Restore’s website and in the day to day running of the charity and services it provides.

Restore may need to update this policy when necessary so please remember to check back from time to time. This is version 1.3 and was last updated and approved by Restore’s Trustees on 17th February 2023. References to specific articles have been updated to reflect changes in legislation following the UK’s withdrawal from the EU.

1. Who we are and what we do

Restore Counselling, Training and Related Services (known as Restore for short) became a registered charity in November 2015. Primarily a counselling service, Restore offers counselling to children, teenagers and adults. A bursary fund ensures that nobody is turned away from the service due to not being able to afford the counselling fee. Restore also offers supervision to counsellors, student counsellors and other professionals and a bursary fund is available for this too. In addition, Restore holds training days on the subject of suicide and self-injury: teaching counsellors, other professionals and the general public.

Restore is registered with the Information Commissioners Office, under registration reference ZA340196. Any data collected will be used and held in accordance with the requirements of the UK General Data Protection Regulations (UK GDPR) and UK Data Protection Act 2018 (DPA 2018).

The Trustees hold overall responsibility for the charity. However, for the purposes of obtaining, filing, processing and keeping your personal information confidential, Restore’s Managing Director, Jackie Barrett, is the Data Controller and Data Processor for Restore. If you are receiving counselling through Restore, your designated counsellor will also become a Data Controller and a Data Processor.

For further information about our privacy practices, please contact Restore’s Director (also the counselling manager), Jackie Barrett by email: info@restorecounsellingservices.org.uk or phone: 07456 267951.

2. How we collect information about you

We collect information from you in the following ways:

When you interact with us directly

This could be if you ask us about one of our services (counselling, supervision or training), engage in a counselling assessment or begin therapy with us, register with us for a training event or make a donation to us. This includes when you visit our website or get in touch via direct email, telephone, by post or in person.

When you interact with us through third parties

This could be if you provide a donation through a third party such as Just Giving or Virgin Money and you provide your consent for your personal information to be shared with us.

Specific information we collect from you and why we need it

If you decide to receive counselling through Restore:

You will first of all be asked to complete an Initial Contact Form either by email with our counselling manager or via a phone call with her. Here your name, address, date of birth, emergency contacts and medical information will be taken. However, before this occurs, you will be asked to give consent for us to hold this information about you. During the initial contact you will also be asked for a brief description of why you are seeking counselling. All of this information is required in order to help the manager know which counsellor may be the best person to work with you. Sometimes people have already given this description through direct email, the website’s contact form, via voicemail or in person so this will be summarised again on the form.

Once a counsellor has been allocated to you, you will meet them for an initial assessment which will ask for further details about the issues you are finding difficult. This assessment sheet will not hold any personal details and a code will replace your name.

If both parties are happy to proceed with counselling, you will then be asked to sign a counselling agreement.

Restore will securely store your data for six years from the date you end your counselling agreement. The retention period is calculated in relation to client information that might be needed in a court of law.

Please note that counselling cannot take place if consent is not given to hold your personal information.

A special note about the Sensitive Personal Information we hold

Data Protection Law recognises that some categories of personal information are more sensitive. Sensitive Personal information can include information about a person’s health, race, ethnic origin, political opinions, sex life, sexual orientation or religious beliefs.

If you contact us in order to receive counselling, you may choose to provide details of a sensitive nature.

We will only use this information:

  • For the purposes of working with you in a therapeutic relationship. We will not pass on your details to anyone without your express permission except in exceptional circumstances. These are: if we are requested to do so by a court of law, if you are at risk of seriously harming yourself or someone else, if you tell us about a child being abused or at imminent risk of being abused and if we didn’t, it would be a criminal offence for us (related to drug trafficking and terrorism).

If you make a donation to Restore or purchase a CD from the website

Personal information we collect includes details such as your name, email address, postal address and telephone number. You will have given us this information whilst making a donation.

We will use this information to:

  • Process and record your donations, to claim Gift Aid if applicable and verify any financial transactions.
  • Provide the services or goods you have requested.
  • To update you with important administrative messages about your donation or goods you have requested.
  • Comply with the Charities (Protection and Social Investment) Act 2016 and follow the recommendations of the official regulator of charities, the Charity Commission, which require us to identify and verify the identity of supporters who make major gifts so we can assess any risks with accepting donations.

If you do not provide this information, we will not be able to process your donation or provide you with any goods you have requested.

We may also use this information to contact you about our work but only if you have given us consent to do so.

If you book on a training day with us

We will collect details regarding your name, postal address, email address and telephone number. This is so that we can process your payment, confirm your place and get in touch with you if we need to give you additional information about the day or in the unlikely event that we need to cancel the day. If the event is cancelled by us, you will receive a full refund by the method which you paid. So if you paid by cheque, we will send you a cheque. If you paid by BACS, we will need to request your bank details to transfer the money back to you.

Once the course has ended, your postal address, email address and telephone number will be deleted from our records unless you have completed a form which gives us consent to keep them so that you can be informed of any training event we hold in the future. You can request for your details to be erased at any time.

4. Who will see your personal information

For those making donations or purchasing a CD from the website

Only Restore’s Director, treasurer and external auditor will see your personal information needed to document your donation or purchase for our accounting. In addition to that, if we can claim Gift Aid on your donation, HMRC will see your personal details to validate the Gift Aid.

For those booking a training day

Restore’s Director (Jackie Barrett) will be the only one who sees your booking form giving your personal information. This form will be shredded after the delivery of the training day unless you have given your written consent to keep it in order to inform you of future training days we will run.

If you pay online, your name will be seen by Restore’s Director, treasurer and external auditor. In the event of the training day being cancelled by us and a refund needing to be given, your bank details will be erased from the computer once given and will only be stored on our online banking system, accessed only by Restore’s Director and treasurer.

For those receiving supervision

Only your supervisor will have access to your personal information unless there is an ethical or legal dispute involving you and then some of your personal information may be shared but not without your knowledge. Please see the terms of your agreement for further details.

For clients receiving counselling:

Initial Contact form information

This will be seen by both the counselling manager and your counsellor. Nobody else will be allowed to see these details. Your name, address and medical details will be stored in a separate locked place from the brief details about what you are seeking counselling for (this will be typed out and given to your designated counsellor and will have your client code on it and your name deleted from it. Anything provided through email will then be deleted).

Initial Assessment Form

This will only be seen by your counsellor.

Strengths and Difficulties Questionnaire

The parent questionnaire will be seen by the counselling manager and the child’s designated counsellor but the child’s questionnaire will only be seen by their designated counsellor and no names will be written on the sheets; only the client code to protect identity.

Case notes and review questionnaire

Case notes written by your counsellor and any review questionnaires will also be coded to protect your identity. Unless these notes are subpoenaed (ordered) by a court of law, only your counsellor has access to these notes.

End of counselling questionnaire

This will not have your name on it or any other identifiable information. Your counsellor, the counselling manager and the trustees will have access to these. This is for statistical purposes, in order to monitor how well we are facilitating the counselling sessions and to hear whether there is anything we can be doing better.

Paying for sessions via bank transfer

Restore accepts payment for sessions by cash, cheque or bank transfer. However, if you are paying by bank transfer, you need to be aware that as well as Restore’s Director, Restore’s treasurer and external auditor may see your name on the bank statements. These people will have signed a confidentiality statement and will not assume that the payer is receiving counselling because Restore also receives online payments from sponsors of clients and for supervisees.

How do we use your information?

We may use your personal information for:

  • Dealing with your enquiries, requests and complaints
  • Processing your donations and orders
  • Providing you with information about our work activities, events and services
  • Complying with our legal obligations and procedures
  • Providing and personalising our services
  • Administration
  • Fundraising
  • Statistics
  • Seamless communication between the counselling manager and your designated counsellor
  • Communicating with you via letters, phone calls, texts or emails
  • In certain circumstances to contact your GP or emergency contacts
  • Clinical supervision (mandatory for all counsellors to ensure professional and ethical competence. Your identity will not be revealed to the supervisor and codes will be used).

6. Legal basis for using your information

Restore has both a legal and an ethical obligation to keep your data safe. Therefore no unauthorised person will have access to your information.

In some cases, Restore will only use your personal information where we have your consent or because we need to use it in order to fulfil a contract with you (for example, because you have placed an order through our website).

However, there are other lawful reasons that allow us to process your personal information and one of those reasons is called ‘legitimate interests’. This means that the reason that we are processing information is because there is a legitimate interest for Restore to process your information to help us make sure you get the support and service you need if you come to us for counselling or supervision.

Whenever we process your Personal Information under the ‘legitimate interest’ lawful basis, we make sure that we take into account both your rights and interests and will not process your personal information if we feel that there is an imbalance. You have the right to obtain your personal information from Restore but in certain circumstances this may not be in your best interest, for example, in a domestic violence situation. Therefore in such circumstances you will only be given aspects of your personal information to ensure best practice, to protect your safety, your wellbeing or the safety of another.

Some examples of where we have a legitimate interest to process your Personal Information are when we contact you about our work via post, use your personal information for data analytics, improve our services, for our ethical and legal purposes or for complying with guidance from the Charity Commission.

Marketing

We will only contact you by phone, email or text message about our work and how you can support Restore if you have agreed for us to contact you in this manner.

If you have provided us with your postal address, we may send you information about our work and how you can support Restore unless you have told us that you would prefer not to hear from us in this way.

You can update your choices or stop us sending you these communications at any time by contacting info@restorecounsellingservices.org.uk

8. Sharing your information

We will never sell or share your personal information with organisations so that they can contact you for any marketing activities.

The personal information we collect about you will mainly be used by our staff and volunteers at Restore so that they can support you.

We may also share your information with HMRC for the purposes of claiming Gift Aid and those auditing our accounts.

Restore adheres to a strict code of confidentiality. However, confidentiality has its limitations and there may be certain circumstances when this issue is compromised and there is a direct conflict with our legal and ethical obligations as a counselling agency. Such circumstances include when there is danger of you causing significant harm to yourself or others, if you disclose about a child being abused or in imminent danger of being abused, drug trafficking, any intention to commit an act of terrorism or if we are required by a court of law to disclose information.

Keeping your information safe

Restore takes looking after your information very seriously. We’ve implemented appropriate physical, technical and organisational measures to protect the personal information we have under our control, both on and off-line, from improper access, use, alteration, destruction and loss.

Data submitted to the www.restorecounsellingserives.org.uk website is received and sent using SSL encryption to ensure that should this data be intercepted, it will be rendered unreadable unless the encryption key is known.

Unfortunately the transmission of information using the internet is not completely secure. Although we do our best to protect your personal information sent to us this way, we cannot guarantee the security of data transmitted to our site.

Our website does contain links to other sites. Whilst we try to only link to sites which share our high standards and respect for privacy, we are not responsible for the content or the privacy practices employed by other sites and we suggest you read their privacy statements.

We cannot view or record any card details when payments are made through the Restore website. All payments made through the website are facilitated off-site securely via PayPal. Card information is not passed to Restore by PayPal; we only receive notifications about whether a payment has been successful or unsuccessful. If you email your bank details to Restore’s Director in the event of a training refund, once the refund has been processed, the email will be deleted and the only information held will be through our bank secure systems (HSBC). The email you will send the details to is password protected and only the Director of Restore has access to it. Technically, the website manager does too but he abides by a strict confidentiality policy and will not read any emails.

10. How long we hold your information for

  • We will not keep personal data if you have unsubscribed from one of our mailing lists or not given us consent to retain your information after a training course.
  • If you are a donor, we will only retain limited personal data if we haven’t had any contact with you within the last 2 years.
  • Gift Aid records are kept on file for a minimum of 6 years in order to comply with HMRC regulations.
  • Counselling and Supervision records will be kept for 6 years after ending or until the child who has received counselling is 21 years of age if that is longer.

11. Your rights

You have various rights in respect of the personal information we hold about you. These are set out in more detail below. If you wish to exercise any of these rights or make a complaint, you can do so in the first instance by emailing Restore’s Data Controller and Data Processor, Jackie Barrett, at info@restorecounsellingservices.org.uk or phoning 07456 267951. You can also make a complaint to the data protection supervisory authority, the Information Commissioner’s Office: https://ico.org.uk

The right to rectification (UK GDPR Chapter 3 Article 16)

You can ask us to change any inaccurate personal information concerning you or complete any incomplete personal information held about you.

The right to erasure (UK GDPR Chapter 3 Article 17)

You can ask us to delete your personal information where:

  • It is no longer necessary for us to use it
  • You have withdrawn consent and there is no legal basis for keeping it.
  • The data has been unlawfully processed

The right to restrict processing (UK GDPR Chapter 3 Article 18)

You can ask us to restrict the personal information we use about you where:

  • You believe your personal information is inaccurate
  • The processing of it is unlawful
  • It is no longer needed for processing but needs to be kept for legal reasons and, when receiving counselling or supervision, in compliance with the counselling or supervision agreement
  • Where you have asked for it to be erased or
  • Where you have objected to our use of it

The right to data portability (UK GDPR Chapter 3 Article 20)

You can ask us to provide you or a third party with some of the information that we hold about you in a structured, commonly used, electronic form so it can be easily transferred.

The right to object (UK GDPR Chapter 3 Article 21)

There are three rights which you have to object to your personal information being processed if there is something about your particular situation which makes you want to object to processing on this ground. The only absolute objection is to direct marketing. The other two rights relate to scientific, historical, research and statistical purposes or whether it is necessary for the public interest or official authority.

There must be adequate grounds for you to make an objection. We may have compelling legitimate grounds for the processing of your information and that can override your right to object.

The right of automated decision making and profiling (UK GDPR Chapter 3 Article 22)

Automated decision making takes place when an electronic system uses personal information to make a decision without human intervention. You have the right not to be subject to automated decisions that will create legal effects or have a similar impact on you, unless you have given us your consent, it is necessary for a contract between us or it is permitted by law.

Restore does not currently carry out any automated decision making.

Restrictions (UK GDPR Chapter 3 Article 23)

Please note that some of these rights only apply in certain circumstances and we may not be able to fulfil every request, particularly:

  • If it is necessary for us in order to carry out the service requested
  • If there is a need to safeguard you or the public from harm
  • For the prevention, investigation, detection or prosecution of criminal offences
  • If a court of law requires the information
  • If it means that we will breach the ethical standards we adhere to of the professional bodies we belong to: The British Association of Counsellors and Psychotherapists (BACP) and the Association of Christian Counsellors (ACC). These bodies regulate our profession and ensure we are giving you the best and safest service possible.

12. Working with children, adolescents and their parents or carers

Restore works with children and adolescents, as well as adults.

We take the protection of children very seriously; not least because they may be less aware of the risks, consequences and safeguards concerned and their rights in relation to processing data (UK GDPR Recital 38).

Every parent of a child coming to Restore for counselling will sign a counselling agreement which includes information about confidentiality and the keeping of personal information. Adolescents sign this too but for young children, information related to this and the counselling process is explained in simple ways and in clear language which they will understand (UK GDPR Recital 58).

Whilst it is usual for parents to give consent for counselling, UK GDPR Recital 38 states that: ‘the consent of the holder of parental responsibility should not be necessary in the context of preventative or counselling services offered directly to the child.’

Restore has a separate safeguarding policy in place for working with children, adolescents and vulnerable adults.

13. In the event of a data breach (UK GDPR Chapter 4 Article 33)

In the unlikely event that your personal information is breached in any way, the Data Controller will inform the supervisory authority within 72 hours after having become aware of the breach, unless the Data Controller is able to demonstrate, in accordance with the accountability principle, that the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.